Disable DNS Prefetching

[the-rocinante]

Description

Brave bypasses /etc/hosts

Steps to Reproduce

1. Edit /etc/hosts and add the following 2 lines.
   0.0.0.0 google.com
   0.0.0.0 www.google.com

2. Open brave and navigate to www.google.com

Actual result:

The real www.google.com is requested and displays in the browser window.

Expected result:

This site can’t be reached

Reproduces how often:

100% of the time.

Brave version (brave://version info)

Brave | 1.18.75 Chromium: 87.0.4280.101 (Official Build) (64-bit)
Revision | 9407c80213cda69c2b7abcb4fa8e3f74488f4956-refs/branch-heads/4280@{#1807}
OS | Linux

Miscellaneous Information:

See also: brave/brave-core#340

[bsclifton]

I believe this happens because DNS over HTTP is enabled and is expected behavior

You should be able to test this by doing the following:

1. Visit brave://settings/security
2. Under Advanced, disable Use secure DNS

cc: @fmarier @diracdeltas

[the-rocinante]

I thought that might have been the case initially (prior to submitting the ticket), but wasn't able to locate any such setting.

Assuming you're correct and I've simply overlooked something, it's concerning that this is enabled by default, as it forces users to trust an unspecified 3rd party DNS provider not of our choosing, and without adequate warning. Firefox for example has this option clearly marked, and it is an opt-in setting.

[diracdeltas]

we don't enable DoH by default as far as i know. #11312

[diracdeltas]

• Edit /etc/hosts and add the following 2 lines.
  0.0.0.0 google.com
  0.0.0.0 www.google.com
• Open brave and navigate to www.google.com

This worked as expected once I restarted Brave. Are you sure this is a prefetch issue and not DNS caching?

[the-rocinante]

Damn. So it would seem. I'm a little confused though since my /etc/hosts settings predate installing brave.
sigh Sorry to waste your time.

[the-rocinante]

Btw, I had brave opened on a separate desktop started with --incognito --proxy-server=socks5://localhost:9050 (ie. tor) and had assumed (apparently incorrectly) that this wouldn't effect a regular instance of the browser. Not sure whether that's related or not, but there you go.

[fmarier]

For the record, like Chrome, we have DoH auto-upgrades enabled: when your OS DNS resolver supports DoH, then we enable DoH to that resolver automatically.

You can disable that in brave://flags/#dns-over-https if you want.

[the-rocinante]

Thanks for the heads up. In my case that's "Not available on your platform." but I'll definitely make a note of that for future reference if/when it's rolled out to the stable branch. Thanks again folks. Again, sorry for my haste in submitting this non-issue. Hope you all are enjoying your holidays!